Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    One static, 1 dynamic address ...

    IPsec
    1
    2
    24
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      oldlock last edited by

      This question has been asked many times, but I have yet to see a concise and clear answer to it. Here is the situation.

      In Australia publicly route-able IP addresses for LTE services are :

      1 - Hard to get
      2 - Expensive
      3 - Add a LOT to latency as all traffic that uses them is routed via 1 exchange in Sydney irrespective of where you are in the country.

      So, for my site to site IPSEC VPN I have :

      Fixed IP for fibre connection into main office (SG3100 server lives here)
      10 LTE routers at remote sites, each with a dynamic, non-routable IP. So these clients need to be able to connect to the server. I'm 100% happy for the server to act as a responder only. I've done this before with cisco ASA etc so I know the LTE side is capable of it. I assume there must be a way for the pfsense to do the same thing ??

      Anyone have any insights. Please note the condition - DYNDNS at the LTE client cannot be part of the solution .

      1 Reply Last reply Reply Quote 0
      • O
        oldlock last edited by

        OK. For anyones interest this does work.

        1 - Turn off automatic firewall creation on the pfsense.
        2 - Set the wan address in phase 1 to 0.0.0.0
        3 - In phase 1 advanced select responder only.
        4 - Create any/any firewall rule in IPSEC rules.
        5 - Create UDP/500, UDP4500 and ESP all rules.

        And we have sucess, thanks in no small part to some very patient support staff.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy